зеркало из https://github.com/mozilla/gecko-dev.git
Backed out 2 changesets (bug 1450309) for wpt failures on reporting-navigation.https.html. CLOSED TREE
Backed out changeset 7fae6ea289bd (bug 1450309) Backed out changeset 14c35856cea4 (bug 1450309)
This commit is contained in:
Родитель
7c046306b0
Коммит
45aaeb9042
|
@ -2011,7 +2011,10 @@ var Policies = {
|
|||
|
||||
WebsiteFilter: {
|
||||
onBeforeUIStartup(manager, param) {
|
||||
WebsiteFilter.init(param.Block || [], param.Exceptions || []);
|
||||
this.filter = new WebsiteFilter(
|
||||
param.Block || [],
|
||||
param.Exceptions || []
|
||||
);
|
||||
},
|
||||
},
|
||||
};
|
||||
|
|
|
@ -18,8 +18,8 @@
|
|||
* by using the special "<all_urls>" pattern for the blocklist, and then
|
||||
* adding all whitelisted websites on the exceptions list.
|
||||
*
|
||||
* Note that this module only blocks top-level website navigations and embeds.
|
||||
* It does not block any other accesses to these urls: image tags, scripts, XHR, etc.,
|
||||
* Note that this module only blocks top-level website navigations. It doesn't
|
||||
* block any other accesses to these urls: image tags, scripts, XHR, etc.,
|
||||
* because that could cause unexpected breakage. This is a policy to block
|
||||
* users from visiting certain websites, and not from blocking any network
|
||||
* connections to those websites. If the admin is looking for that, the recommended
|
||||
|
@ -48,86 +48,73 @@ XPCOMUtils.defineLazyGetter(this, "log", () => {
|
|||
|
||||
var EXPORTED_SYMBOLS = ["WebsiteFilter"];
|
||||
|
||||
let WebsiteFilter = {
|
||||
init(blocklist, exceptionlist) {
|
||||
let blockArray = [],
|
||||
exceptionArray = [];
|
||||
function WebsiteFilter(blocklist, exceptionlist) {
|
||||
let blockArray = [],
|
||||
exceptionArray = [];
|
||||
|
||||
for (let i = 0; i < blocklist.length && i < LIST_LENGTH_LIMIT; i++) {
|
||||
try {
|
||||
let pattern = new MatchPattern(blocklist[i].toLowerCase());
|
||||
blockArray.push(pattern);
|
||||
log.debug(`Pattern added to WebsiteFilter. Block: ${blocklist[i]}`);
|
||||
} catch (e) {
|
||||
log.error(`Invalid pattern on WebsiteFilter. Block: ${blocklist[i]}`);
|
||||
}
|
||||
for (let i = 0; i < blocklist.length && i < LIST_LENGTH_LIMIT; i++) {
|
||||
try {
|
||||
let pattern = new MatchPattern(blocklist[i]);
|
||||
blockArray.push(pattern);
|
||||
log.debug(`Pattern added to WebsiteFilter. Block: ${blocklist[i]}`);
|
||||
} catch (e) {
|
||||
log.error(`Invalid pattern on WebsiteFilter. Block: ${blocklist[i]}`);
|
||||
}
|
||||
}
|
||||
|
||||
this._blockPatterns = new MatchPatternSet(blockArray);
|
||||
this._blockPatterns = new MatchPatternSet(blockArray);
|
||||
|
||||
for (let i = 0; i < exceptionlist.length && i < LIST_LENGTH_LIMIT; i++) {
|
||||
try {
|
||||
let pattern = new MatchPattern(exceptionlist[i].toLowerCase());
|
||||
exceptionArray.push(pattern);
|
||||
log.debug(
|
||||
`Pattern added to WebsiteFilter. Exception: ${exceptionlist[i]}`
|
||||
);
|
||||
} catch (e) {
|
||||
log.error(
|
||||
`Invalid pattern on WebsiteFilter. Exception: ${exceptionlist[i]}`
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
if (exceptionArray.length) {
|
||||
this._exceptionsPatterns = new MatchPatternSet(exceptionArray);
|
||||
}
|
||||
|
||||
let registrar = Components.manager.QueryInterface(Ci.nsIComponentRegistrar);
|
||||
|
||||
if (!registrar.isContractIDRegistered(this.contractID)) {
|
||||
registrar.registerFactory(
|
||||
this.classID,
|
||||
this.classDescription,
|
||||
this.contractID,
|
||||
this
|
||||
for (let i = 0; i < exceptionlist.length && i < LIST_LENGTH_LIMIT; i++) {
|
||||
try {
|
||||
let pattern = new MatchPattern(exceptionlist[i]);
|
||||
exceptionArray.push(pattern);
|
||||
log.debug(
|
||||
`Pattern added to WebsiteFilter. Exception: ${exceptionlist[i]}`
|
||||
);
|
||||
|
||||
Services.catMan.addCategoryEntry(
|
||||
"content-policy",
|
||||
this.contractID,
|
||||
this.contractID,
|
||||
false,
|
||||
true
|
||||
} catch (e) {
|
||||
log.error(
|
||||
`Invalid pattern on WebsiteFilter. Exception: ${exceptionlist[i]}`
|
||||
);
|
||||
}
|
||||
},
|
||||
}
|
||||
|
||||
shouldLoad(contentLocation, loadInfo, mimeTypeGuess) {
|
||||
let contentType = loadInfo.externalContentPolicyType;
|
||||
if (
|
||||
contentType == Ci.nsIContentPolicy.TYPE_DOCUMENT ||
|
||||
contentType == Ci.nsIContentPolicy.TYPE_SUBDOCUMENT
|
||||
) {
|
||||
if (this._blockPatterns.matches(contentLocation.spec.toLowerCase())) {
|
||||
if (
|
||||
!this._exceptionsPatterns ||
|
||||
!this._exceptionsPatterns.matches(contentLocation.spec.toLowerCase())
|
||||
) {
|
||||
return Ci.nsIContentPolicy.REJECT_POLICY;
|
||||
}
|
||||
if (exceptionArray.length) {
|
||||
this._exceptionsPatterns = new MatchPatternSet(exceptionArray);
|
||||
}
|
||||
|
||||
Services.obs.addObserver(this, "http-on-modify-request", true);
|
||||
}
|
||||
|
||||
WebsiteFilter.prototype = {
|
||||
QueryInterface: ChromeUtils.generateQI([
|
||||
"nsIObserver",
|
||||
"nsISupportsWeakReference",
|
||||
]),
|
||||
|
||||
observe(subject, topic, data) {
|
||||
let channel,
|
||||
isDocument = false;
|
||||
try {
|
||||
channel = subject.QueryInterface(Ci.nsIHttpChannel);
|
||||
isDocument = channel.isDocument;
|
||||
} catch (e) {
|
||||
return;
|
||||
}
|
||||
|
||||
// Only filter document accesses
|
||||
if (!isDocument) {
|
||||
return;
|
||||
}
|
||||
|
||||
if (this._blockPatterns.matches(channel.URI)) {
|
||||
if (
|
||||
!this._exceptionsPatterns ||
|
||||
!this._exceptionsPatterns.matches(channel.URI)
|
||||
) {
|
||||
// NS_ERROR_BLOCKED_BY_POLICY displays the error message
|
||||
// designed for policy-related blocks.
|
||||
channel.cancel(Cr.NS_ERROR_BLOCKED_BY_POLICY);
|
||||
}
|
||||
}
|
||||
return Ci.nsIContentPolicy.ACCEPT;
|
||||
},
|
||||
shouldProcess(contentLocation, loadInfo, mimeTypeGuess) {
|
||||
return Ci.nsIContentPolicy.ACCEPT;
|
||||
},
|
||||
classDescription: "Policy Engine File Content Policy",
|
||||
contractID: "@mozilla-org/policy-engine-file-content-policy-service;1",
|
||||
classID: Components.ID("{c0bbb557-813e-4e25-809d-b46a531a258f}"),
|
||||
QueryInterface: ChromeUtils.generateQI(["nsIContentPolicy"]),
|
||||
createInstance(outer, iid) {
|
||||
return this.QueryInterface(iid);
|
||||
},
|
||||
};
|
||||
|
|
|
@ -7,7 +7,7 @@ const SUPPORT_FILES_PATH =
|
|||
const BLOCKED_PAGE = `${SUPPORT_FILES_PATH}/policy_websitefilter_block.html`;
|
||||
const EXCEPTION_PAGE = `${SUPPORT_FILES_PATH}/policy_websitefilter_exception.html`;
|
||||
|
||||
add_task(async function test_http() {
|
||||
add_task(async function test() {
|
||||
await setupPolicyEngineWithJson({
|
||||
policies: {
|
||||
WebsiteFilter: {
|
||||
|
@ -20,29 +20,3 @@ add_task(async function test_http() {
|
|||
await checkBlockedPage(BLOCKED_PAGE, true);
|
||||
await checkBlockedPage(EXCEPTION_PAGE, false);
|
||||
});
|
||||
|
||||
add_task(async function test_http_mixed_case() {
|
||||
await setupPolicyEngineWithJson({
|
||||
policies: {
|
||||
WebsiteFilter: {
|
||||
Block: ["*://mochi.test/*policy_websitefilter_*"],
|
||||
Exceptions: ["*://mochi.test/*_websitefilter_exception*"],
|
||||
},
|
||||
},
|
||||
});
|
||||
|
||||
await checkBlockedPage(BLOCKED_PAGE.toUpperCase(), true);
|
||||
await checkBlockedPage(EXCEPTION_PAGE.toUpperCase(), false);
|
||||
});
|
||||
|
||||
add_task(async function test_file() {
|
||||
await setupPolicyEngineWithJson({
|
||||
policies: {
|
||||
WebsiteFilter: {
|
||||
Block: ["file:///*"],
|
||||
},
|
||||
},
|
||||
});
|
||||
|
||||
await checkBlockedPage("file:///this_should_be_blocked", true);
|
||||
});
|
||||
|
|
|
@ -6508,7 +6508,6 @@ nsresult nsDocShell::EndPageLoad(nsIWebProgress* aProgress,
|
|||
// Bug 1629201 is filed for having much clearer decision making around
|
||||
// which cases need error events.
|
||||
bool fireFrameErrorEvent = (aStatus == NS_ERROR_CONTENT_BLOCKED_SHOW_ALT ||
|
||||
aStatus == NS_ERROR_BLOCKED_BY_POLICY ||
|
||||
aStatus == NS_ERROR_CONTENT_BLOCKED);
|
||||
UnblockEmbedderLoadEventForFailure(fireFrameErrorEvent);
|
||||
|
||||
|
@ -8427,13 +8426,8 @@ nsresult nsDocShell::PerformRetargeting(nsDocShellLoadState* aLoadState) {
|
|||
&shouldLoad);
|
||||
|
||||
if (NS_FAILED(rv) || NS_CP_REJECTED(shouldLoad)) {
|
||||
if (NS_SUCCEEDED(rv)) {
|
||||
if (shouldLoad == nsIContentPolicy::REJECT_TYPE) {
|
||||
return NS_ERROR_CONTENT_BLOCKED_SHOW_ALT;
|
||||
}
|
||||
if (shouldLoad == nsIContentPolicy::REJECT_POLICY) {
|
||||
return NS_ERROR_BLOCKED_BY_POLICY;
|
||||
}
|
||||
if (NS_SUCCEEDED(rv) && shouldLoad == nsIContentPolicy::REJECT_TYPE) {
|
||||
return NS_ERROR_CONTENT_BLOCKED_SHOW_ALT;
|
||||
}
|
||||
|
||||
return NS_ERROR_CONTENT_BLOCKED;
|
||||
|
|
|
@ -468,12 +468,6 @@ interface nsIContentPolicy : nsISupports
|
|||
*/
|
||||
const short REJECT_OTHER = -4;
|
||||
|
||||
/**
|
||||
* Returned from shouldLoad or shouldProcess if the load/process is forbiddden
|
||||
* based on enterprise policy.
|
||||
*/
|
||||
const short REJECT_POLICY = -5;
|
||||
|
||||
/**
|
||||
* Returned from shouldLoad or shouldProcess if the load or process request
|
||||
* is not rejected.
|
||||
|
|
|
@ -588,16 +588,11 @@ static nsresult DoContentSecurityChecks(nsIChannel* aChannel,
|
|||
NS_SetRequestBlockingReasonIfNull(
|
||||
aLoadInfo, nsILoadInfo::BLOCKING_REASON_CONTENT_POLICY_GENERAL);
|
||||
|
||||
if (NS_SUCCEEDED(rv) &&
|
||||
if ((NS_SUCCEEDED(rv) && shouldLoad == nsIContentPolicy::REJECT_TYPE) &&
|
||||
(contentPolicyType == nsIContentPolicy::TYPE_DOCUMENT ||
|
||||
contentPolicyType == nsIContentPolicy::TYPE_SUBDOCUMENT)) {
|
||||
if (shouldLoad == nsIContentPolicy::REJECT_TYPE) {
|
||||
// for docshell loads we might have to return SHOW_ALT.
|
||||
return NS_ERROR_CONTENT_BLOCKED_SHOW_ALT;
|
||||
}
|
||||
if (shouldLoad == nsIContentPolicy::REJECT_POLICY) {
|
||||
return NS_ERROR_BLOCKED_BY_POLICY;
|
||||
}
|
||||
// for docshell loads we might have to return SHOW_ALT.
|
||||
return NS_ERROR_CONTENT_BLOCKED_SHOW_ALT;
|
||||
}
|
||||
return NS_ERROR_CONTENT_BLOCKED;
|
||||
}
|
||||
|
|
Загрузка…
Ссылка в новой задаче